Security Expert Unmasks His Scammer

How a security expert turned the tables on a fraudster trying to 0wn his pilfered iPhone

A young iPhone scammer in Ireland had no clue who he was dealing with when he tried to shake down the owner of a stolen iPhone 5 he had acquired after it was snatched from the owners coat pocket in a Dublin pub.
Turns out the iPhone belonged to security expert Ralph Logan, who was visiting Dublin in September on business and had been out for a pint or two one evening with a friend who was there as part of the roadie crew for former Pink Floyd band member Roger Waters The Wall tour. Logan didnt realize his smartphone was missing until he and his fellow revelers were settled in at a second pub that night.
Logans iPhone was locked with Find My iPhone enabled, so he messaged the phone with his name and hotel information in hopes someone had found it and would return it. I didnt get any response, says Logan, who is a partner at Logan Haile. When he returned home to the States, he purchased a new iPhone 5S and moved on.
But on Nov. 13, he received a message via Twitter from Lee Cork, asking whether Logan had recently lost an iPhone 5 in Ireland. Logan confirmed that he lost his phone with a gray and orange case in Dublin, and gave Cork his Gmail address. (Cork had gleaned Logans email from the stolen iPhone.)
Cork sent Logan this email message:
Lee Cork
Nov 13
Hi Ralph, My name Lee and I work for a company in Belfast which specialise in mobile technician repairs replace etc. A few days ago a guy came in with what is believed to be your phone to get it unlocked or used as parts but upon opening the phone up we came across your name and have be trying to track you down. I would like to return the phone to you but I need to take verification steps can you please forward on the following information:
1- Apple ID and Password
2- A list of 5 contacts numbers you would have used prior to the phone been lost.
3- Your Full name, phone number and Full address.
Lee Cork, RTP General Manager
Thats how Lee gave himself away as a scammer: The iPhone 5 required Logans Apple ID and passcode to reinstall the iOS, a feature that prevents thieves from wiping and using stolen phones as their own, so Lee was obviously neither a Good Samaritan nor a sophisticated scammer. Logan then decided it was time to root out the scammer who had his iPhone. As soon as I got that email, I launched my black-box investigation, he says.
Logan declined to share details of his investigation on the record, but said he was able to dig up some key information on Lee, including his real name -- Martin -- his real email address, his girlfriends name, and his brothers name. After Lee emailed him again for the iPhone credentials and information, Logan responded with an email sent to both Martins scammer and real email addresses.
The email, said, in part:
Nov 29, 2013 Martin, Firstly, you can drop the idiotic pretense of being Lee Cork in Belfast. You are Martin XXXXXX in Dublin. Secondly, I know you acquired my stolen phone as Ive been investigating you for weeks now. The bad news for you is worse than just being out of pocket some money. The bad news is that you acquired stolen property that is owned by a very capable and determined professional security investigator. Its what I do for a living. I currently have enough evidence to roll up and remand you into custody anytime I want. However Ive taken this a bit personally and dont want to involve the Irish local authorities just yet.
Logan then dropped the first names of Martins girlfriend, brother, and mother in the message, and gave him an ultimatum:
Heres what Ive decided to do. Im literally giving you until Wednesday, December 4th to take my phone and drop it with the receptionist at XXXXXX at the following address: xxxxxxxx, Dublin 2 You can tell the receptionist any story you like, but have her label the phone for XXXXXX. XXXXXX is the head of security at that location, who I happened to be visiting while in Dublin. Hell get it back to me.
The phone was delivered, undamaged, to Logans colleagues office in Dublin on Dec. 3. I had him drop it off at a neutral site in Dublin, he says. Turns out Martin had paid 300 euros to someone else who had either stolen or purchased the stolen phone.
Logan says the other method he had planned to use to name and shame the scammer was an email that could have traced his source IP address. I would send him an HTML email with a link to an embedded one-pixel image that would GET from my Web server, which would reveal his source IP address, he says.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Security Expert Unmasks His Scammer